Spil Oss <spil....@googlemail.com> wrote: > Thanks a lot! Will read up on that. (luckily I do speak > german/swiss-german). From discussions on ##FreeBSD IRC I learned that > it is not recommended to use lo0 for jails!
Why would that be not recommended? In fact I think it is a very good idea to use lo0 addresses for jails, for security reasons, because they're guaranteed to not leave your local system. Therefore you have full control of what the process within the jail can do. If you want to grant specific network access to a jail (incoming or outgoing, or both), you add appropriate "fwd" rules to IPFW. Best regards Oliver -- Oliver Fromme, secnetix GmbH & Co. KG, Marktplatz 29, 85567 Grafing b. M. Handelsregister: Registergericht Muenchen, HRA 74606, Geschäftsfuehrung: secnetix Verwaltungsgesellsch. mbH, Handelsregister: Registergericht Mün- chen, HRB 125758, Geschäftsführer: Maik Bachmann, Olaf Erb, Ralf Gebhart FreeBSD-Dienstleistungen, -Produkte und mehr: http://www.secnetix.de/bsd "That's what I love about GUIs: They make simple tasks easier, and complex tasks impossible." -- John William Chambless _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
